Montag, 18. Juli 2011

Decrypting the secret key of the Trion Rift Authenticator for Android

This is the promised start of the series that documents the methods behind the Trion Rift Authenticator for Android.

The secret key in the file is a series HEX values. Those have to be parsed and converted into byte values before we can do anything useful with the encrypted secret key.

Loading the secret key

The first part covers the decryption of the secret key that’s stored in the following file:

/data/data/com.trionworlds.mobile.auth/shared_prefs/system.xml

The file format is the standard file format used for “shared preferences” of Android applications. The XML file contains 3 values with the names secret_key, serial_key, and time_offset.

Value name Description
secret_key The encrypted secret key that will be used to create the login token.
serial_key Serial key of the current authentificator configuration.
time_offset The time offset between client and server.


Decryption

The decryption itself is quite simple:

  • Create the cipher key
    • Create a SHA1PRNG random number generator
    • Initialize it with the “TrionMasterKey_031611” as seed (after converting it into a byte array)
    • Create a key generator for the AES 128 cipher
    • Initialize the key generator with the previously created SHA1PRNG
  • Decrypt the secret key
    • Create the cipher with the key from the key generator
    • HEX-decode the encrypted secret key. The resulting bytes must be decrypted.
    • Perform the decryption

The pitfalls

Pitfall #1: SHA1PRNG

As you can see, the decryption is very simple – but it’s quite difficult to decrypt the secret key when you don’t have access to an android phone. The main problem is the SHA1PRNG random number generator because everybody implements it differently. I just tried the following implementations and every single one gave different results:

  • BouncyCastle for .NET
  • Java 1.6 (aka Java 6)
  • Android (uses Apache Harmony)
  • Apache Harmony

The funny thing is that Android uses a bug fixed version of SHA1PRNG and therefore produces results different from Apache Harmony.

I converted the Android SHA1PRNG to C# so that everybody can avoid this pitfall: C# implementation of Android's SHA1PRNG

Pitfall #2: Access to Authenticator configuration

Usually you cannot access the shared preferences of a different application. The only way around this problem is (AFAIK) using a rooted Android phone.

Epilogue of part #1

The whole authenticator stuff is very simple – but it should be at least as secure as the Battle.Net Authenticator. The communication security get’s done by the SSL layer and certificate validation which keeps the server communication simple and clean.

PS: I hope that Trion doesn’t change the secret key and login token creation process because publishing my knowledge about this stuff shouldn’t weaken the login security process.

Keine Kommentare: